FTC Commissioner Terrell McSweeny blasts Lenovo for what he calls “omissions” that “were deceptive” even as the FTC and Lenovo agreed to a $3,5 million fine to settle a two-year-old preloaded software dispute.

“I support the Commission’s complaint against Lenovo, but I am troubled by conduct in this case that the Commission fails to challenge,” McSweeny wrote in a statement that accompanied the settlement.

“According to the complaint, Lenovo, Inc. preinstalled software on computers that was designed to serve advertisements to consumers while they were browsing websites. The software, called VisualDiscovery, acted as a “man-in-the-middle” between the consumers and all of the websites with which they communicated. It allegedly actively contravened the security posture of consumers’ computers, leaving them vulnerable both to attack from cyber-criminals and to transmitting personal information across the web to Superfish, Inc. servers. These unfair practices violate the Federal Trade Commission Act and are appropriately challenged by the FTC in Counts II and III of the complaint.

“But Lenovo’s unlawful conduct went beyond the data security failings alleged in the complaint. The complaint also describes how the software it preinstalled on computers would: (1) inject pop-up ads every time consumers visited a shopping website; and (2) disrupt web browsing by reducing download speeds by almost 25 percent and upload speeds by 125 percent. These facts were not disclosed to consumers and these omissions were deceptive.

“Moreover, the FTC alleges that the VisualDiscovery software was designed to be difficult to discover. Consumers were initially made aware of the existence of the VisualDiscovery software via a pop-up window the first time they visited an ecommerce site. But clicking to close that window opted consumers into the program. The initial pop-up window failed to disclose that VisualDiscovery would follow the consumers from shopping site to shopping site; slow the performance and functionality of the web sites they visited; and compromise their security and privacy throughout each online browsing session.”

In another statement, Acting Chairman Maureen K. Ohlhausen said Lenovo’s “disclosure” about the middleware “could have been better.”

“Lenovo failed to disclose that VisualDiscovery would act as a man-inthe-middle. However, Lenovo did disclose that the software would introduce advertising into consumers’ web browsing, although its disclosure could have been better,” she wrote.

Read the full statements at:

https://www.ftc.gov/public-statements/2017/09/statement-commissioner-terrell-mcsweeny-matter-lenovo-inc

And:

https://www.ftc.gov/system/files/documents/public_statements/1250833/1523134lenovomkostatement.pdf